Answer - The best of both worlds - Blockchain like results and the ease of use of QR codes
Over the last decade, we see QR codes grow in popularity across many applications away from their original uses in manufacturing, thanks to the widespread ownership of camera smartphones with apps that could read the QR Codes. This led to an explosion of its usefulness - in marketing, secure documents, etc. In the last year, it skyrocketed further in popularity due to its use for contract tracing for COVID-19 and is now ubiquitous.
In the same decade, blockchain has risen in popularity for its potential uses beyond its original use in cryptocurrency bitcoin. It’s actively being looked at for areas such as smart contracts, trade finance, and questions have been raised about its use for secure documents such as certificates.
At Qryptal, we have often been asked this question on use of blockchains versus secure QR. It turns out it need not be an either or discussion
THE SECURE QR CHALLENGE
While QR code was initially designed for a different purpose because of the open standard on which it is based, its ability to have a high density of information per unit area and the explosive growth of smartphones giving everyone the capability to have a QR reader on demand, has resulted in QR code use growing exponentially over the last decade. However, when security and secure documents transfers are involved, the standard QR code faces a few challenges.
QR Codes even today are commonly used for URL redirection to a web page or resource, but this can lead to QR phishing and is not suitable in case of security and making the information tamper-proof. At Qryptal, we designed our Secure QR code solution to be secured with a private key of sufficient strength so that it cannot be tampered with.
Secure QR code can be considered just like the immutable ledger (as it is tamper-proof and safe) in a blockchain. And the benefit is that the validator-user can still validate without being part of a network (which is the requirement in Blockchain) as the verification is decentralised. Thus, secure QR codes combine the best of both worlds.
The key elements of blockchain are immutability (cannot be changed or altered in an unauthorised manner), distributed ledger (every participant can see all the transactions and verify and even keep a copy), decentralised (there is no single governing authority), enhanced security (using hashing, encryption and cryptography) and based on consensus protocols.
Qryptal’s Secure QR codes give us the same elements - information is secured at the time of generation using a unique private key under the issuer’s control only, thus preventing unauthorised alterations or tampering. It is based on standard cryptography and has high levels of security due to PKI. The code itself is the distributed ledger. All that is needed for verification is the corresponding public key, which can be distributed as per the issuer’s requirements and the transaction.
In this way, Secure QR codes are also different from the widely-seen regular URL based QR codes. Qryptal’s Secure QR uses readily available web-based verification tools or Apps on mobile phones, which can be easily accessed, yet offer security and functionality comparable to much more expensive blockchain technologies. This is possible because, akin to blockchain, Qryptal’s secure QR uses similar digital signing commonly used in blockchain at the point of generation of the code with validation that is de-centralized and does not access to a central ledger. All that is required is the public key to verify the information has not been tampered.
Hence, using blockchain-like asymmetric encryption and signing capabilities, secure QR codes help achieve the security of blockchain solutions at a fraction of the cost.
Qryptal’s secure codes technology has in a way combined QR Codes and blockchain benefits to enable secure centralized “truth” generation with de-centralised validation
Such a secure QR code solution allows for multiple use cases like cheques, ID cards, invoices, passports, school certificates, trade finance documents, vaccination certificates, Covid test reports etc to name a few. Enterprises also benefit from simple integration using APIs into their existing ERP systems in either an on-premises or cloud environment.
HOW DOES AUTHENTICATION WORK WITH SECURE QR?
Generation and Validation of Secure QR Codes
The validator usually scans the secure QR code with a mobile app or goes to a verification web page on the issuer website, or a validation server is used for bulk validation.
The mobile app has a public key that can verify the information embedded into the secure QR code digitally signed by the issuer’s private key – this works for both physical documents and electronic documents carrying the code.
IS SUCH A SOLUTION WIDELY USED TODAY?
Today, Qryptal’s Secure QR Codes are used in over 25 countries across large enterprises, SME’s and governments. They are used to secure invoices, purchase orders, bank statements, industrial test certificates, Covid-19 test reports certificates, university degrees, transcripts and many more documents.
All these use cases of Qryptal’s Secure QR code solution use PKI based security equivalent to 3072 bit RSA, along with it’s multi-stage pipeline compression to generate a small QR code footprint which facilitates decentralised validation using just the public key. The technology uses standard cryptography and allows for quick, efficient, and effective verification. These features make it a compelling proposition and offer a unique advantage to make documents tamper proof and easily verifiable.
Secure QR - Combines Blockchain elements with QR
With Qryptal’s Secure Code solution only authorised issuers can generate and digitally sign the QR with a private key. The QR code encapsulates the critical information that needs to be communicated and verified. This secure QR code is tamper-proof. The QR code can be easily verified by the corresponding public key.
Documents with the Secure QR can be both physical and digital i.e “physical-digital”. Verification is simple and instantaneous. Once the code is placed on the document, it can be verified at anytime on a verification website configured for each issuer (say at: verify.xyz.com). We will create, host and configure this website as part of our setup. This verification website will offer 3 options to verify:
- On a phone/laptop - scan code with device camera (no App to install)
- Upload report PDF/image/scan copy
- Install Document Validator App for iOS / Android
Automated or bulk verification methods are also available using API calls to a validation server for cases where the flow requires such bulk processing of information
Seamless Verification Experience
You may also be interested in -
- Why Having Immunity Passports on Blockchain is a bad idea
- ‘Freedom Passes’ - A brilliant idea whose time has come
- Fake Certificate Factories - Myth or Reality?
- Did you know - there is an easy way to incorporate document security with your LIS